| From: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
|---|---|
| To: | Álvaro Hernández Tortosa <aht(at)8kdata(dot)com> |
| Cc: | Victor Drobny <v(dot)drobny(at)postgrespro(dot)ru>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Authentification method on client side checking |
| Date: | 2017-07-10 01:17:11 |
| Message-ID: | CAB7nPqQOucf4_T9f8EJPm8pbWx6-G_zoLzTP0mQAA6oZxMuhVQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, Jul 10, 2017 at 9:29 AM, Álvaro Hernández Tortosa
<aht(at)8kdata(dot)com> wrote:
> Precisely yesterday I initiated a similar thread:
> https://www.postgresql.org/message-id/d4098ef4-2910-c8bf-f1e3-f178ba77c381%408kdata.com
>
> I think that a) the mere auth mechanism is not enough (channel binding
> or not, ssl or not, change a lot the effective security obtained) and b)
> maybe a categorization is a better way of specifying a connection security
> requirements.
>
> What's your opinion on this? Any answer should also be coordinated among
> the drivers.
Before rushing into implementing something that we may not want, let's
discuss the matter on the thread spawned by Álvaro and find an
agreement and a direction of implementation. I was planning to answer
your message with my own thoughts on the matter. Having more control
in libpq is definitely something that we should have.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Masahiko Sawada | 2017-07-10 01:23:10 | Re: replication_slot_catalog_xmin not explicitly initialized when creating procArray |
| Previous Message | Masahiko Sawada | 2017-07-10 01:14:05 | Re: Fix header comment of streamutil.c |